authorDr. Stephen Henson <steve@openssl.org>2014-08-16 18:16:26 +0100
committerDr. Stephen Henson <steve@openssl.org>2014-08-28 18:10:21 +0100
commit6db2239c608a3d434238e0ca64ff962711bed190 (patch)
tree578608cabcc5142a7a5b495ab2647c1e28865e70 /ssl/ssl.h
parent423ceb831903339b589ea7b94c877ed190a7cb64 (diff)
New extension callback features.
Support separate parse and add callback arguments. Add new callback so an application can free extension data. Change return value for send functions so < 0 is an error 0 omits extension and > 0 includes it. This is more consistent with the behaviour of other functions in OpenSSL. Modify parse_cb handling so <= 0 is an error. Make SSL_CTX_set_custom_cli_ext and SSL_CTX_set_custom_cli_ext argument order consistent. NOTE: these changes WILL break existing code. Remove (now inaccurate) in line documentation. Reviewed-by: Emilia Käsper <emilia@openssl.org> (cherry picked from commit 33f653adf3bff5b0795e22de1f54b7c5472252d0)
Diffstat (limited to 'ssl/ssl.h')
-rw-r--r--ssl/ssl.h62
1 files changed, 19 insertions, 43 deletions
diff --git a/ssl/ssl.h b/ssl/ssl.h
index 4ce46cb95c..189d2e89c1 100644
--- a/ssl/ssl.h
+++ b/ssl/ssl.h
@@ -385,36 +385,23 @@ typedef int (*tls_session_ticket_ext_cb_fn)(SSL *s, const unsigned char *data, i
typedef int (*tls_session_secret_cb_fn)(SSL *s, void *secret, int *secret_len, STACK_OF(SSL_CIPHER) *peer_ciphers, SSL_CIPHER **cipher, void *arg);
#ifndef OPENSSL_NO_TLSEXT
-/* Callbacks and structures for handling custom TLS Extensions:
- * cli_ext_add_cb - sends data for ClientHello TLS Extension
- * cli_ext_parse_cb - receives data from ServerHello TLS Extension
- * srv_ext_parse_cb - receives data from ClientHello TLS Extension
- * srv_ext_add_cb - sends data for ServerHello TLS Extension
- *
- * All these functions return nonzero on success. Zero will terminate
- * the handshake (and return a specific TLS Fatal alert, if the function
- * declaration has an "al" parameter). -1 for the "sending" functions
- * will cause the TLS Extension to be omitted.
- *
- * "ext_type" is a TLS "ExtensionType" from 0-65535.
- * "in" is a pointer to TLS "extension_data" being provided to the cb.
- * "out" is used by the callback to return a pointer to "extension data"
- * which OpenSSL will later copy into the TLS handshake. The contents
- * of this buffer should not be changed until the handshake is complete.
- * "inlen" and "outlen" are TLS Extension lengths from 0-65535.
- * "al" is a TLS "AlertDescription" from 0-255 which WILL be sent as a
- * fatal TLS alert, if the callback returns zero.
- */
+
+/* Typedefs for handling custom extensions */
typedef int (*custom_ext_add_cb)(SSL *s, unsigned int ext_type,
const unsigned char **out,
size_t *outlen, int *al,
- void *arg);
+ void *add_arg);
+
+typedef void (*custom_ext_free_cb)(SSL *s, unsigned int ext_type,
+ const unsigned char *out,
+ void *add_arg);
typedef int (*custom_ext_parse_cb)(SSL *s, unsigned int ext_type,
const unsigned char *in,
size_t inlen, int *al,
- void *arg);
+ void *parse_arg);
+
#endif
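Review bot: The new typedefs for custom_ext_add_cb and custom_ext_parse_cb carry no description of the return-value contract this commit introduces, and on one value the new contract is the opposite of the removed comment: the old text says a return of 0 terminates the handshake with alert `*al`, whereas per the commit message 0 now omits the extension and only a negative return is an error. An existing add callback that returned 0 to fail closed will therefore continue the handshake silently without the extension, so the header is the place to spell this out. I would put above `custom_ext_add_cb`: `/* Return > 0 to include the extension, 0 to omit it, < 0 to abort the handshake (sending alert *al). */`, and above `custom_ext_parse_cb`: `/* Return > 0 on success; <= 0 aborts the handshake with alert *al. */`. `custom_ext_free_cb` also needs a line stating when it is invoked relative to the `out` buffer it receives — presumably after the data has been copied into the handshake message, but that is not visible here and should be confirmed against the implementation before being documented.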
@@ -1257,30 +1244,19 @@ const char *SSL_get_psk_identity(const SSL *s);
#endif
#ifndef OPENSSL_NO_TLSEXT
-/* Register callbacks to handle custom TLS Extensions as client or server.
- *
- * Returns nonzero on success. You cannot register twice for the same
- * extension number, and registering for an extension number already
- * handled by OpenSSL will fail.
- *
- * NULL can be registered for any callback function. For the client
- * functions, a NULL custom_ext_add_cb sends an empty ClientHello
- * Extension, and a NULL custom_ext_parse_cb ignores the ServerHello
- * response (if any).
- *
- * For the server functions, a NULL custom_ext_parse means the
- * ClientHello extension's data will be ignored, but the extension will still
- * be noted and custom_ext_add_cb will still be invoked. A NULL
- * custom_srv_ext_second_cb doesn't send a ServerHello extension.
- */
+/* Register callbacks to handle custom TLS Extensions for client or server. */
+
int SSL_CTX_set_custom_cli_ext(SSL_CTX *ctx, unsigned int ext_type,
- custom_ext_add_cb add_cb,
- custom_ext_parse_cb parse_cb, void *arg);
+ custom_ext_add_cb add_cb,
+ custom_ext_free_cb free_cb,
+ void *add_arg,
+ custom_ext_parse_cb parse_cb, void *parse_arg);
int SSL_CTX_set_custom_srv_ext(SSL_CTX *ctx, unsigned int ext_type,
- custom_ext_parse_cb parse_cb,
- custom_ext_add_cb add_cb, void *arg);
-
+ custom_ext_add_cb add_cb,
+ custom_ext_free_cb free_cb,
+ void *add_arg,
+ custom_ext_parse_cb parse_cb, void *parse_arg);
#endif
#define SSL_NOTHING 1
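Review bot: The replacement comment above `SSL_CTX_set_custom_cli_ext` and `SSL_CTX_set_custom_srv_ext` drops the return-value contract and the duplicate-registration rule ("cannot register twice ... already handled by OpenSSL will fail") that the removed text documented, so nothing now tells a caller to check the result. A registration that fails unnoticed — for example an ext_type colliding with an extension OpenSSL handles itself — leaves the application believing its extension is negotiated when it is not, which matters when that extension carries a security decision. Assuming the nonzero-on-success convention and the collision check survive in the implementation (not visible in this hunk), I would expand the comment to `/* Returns nonzero on success, 0 on failure; registering an ext_type twice, or one already handled by OpenSSL, fails. Callers must check the return value. */`. The removed text also defined what a NULL add_cb or parse_cb means; whether NULL callbacks are still accepted is not visible here and should be stated either way.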